[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error

Jude Oliver judeo at blansys.com
Tue Apr 26 21:39:17 CEST 2016

I regenerated my certificate many times,  none of them show this  info
about the private key:

  pubkey:    RSA 2048 bits, has private key

Perhaps something is wrong with my steps, or my OS?
The commands  listed on your site state to use these commands:
ipsec pki --gen > caKey.der

ipsec pki --self --in caKey.der --dn "C=CH, O=strongSwan, CN=strongSwan
CA" --ca > caCert.der

Now on my system I cannot use ipsec to do this, I have to use
Strongswan pki --gen > caKey.der

Etc as my ipsec only does this:

ipsec --help
Usage: ipsec <command> <argument ...>
where <command> is one of:

	start			stop
	restart			status
	import			initnss
	checknss		checknflog
	addconn			auto
	barf			cavp
	eroute			ikeping
	klipsdebug		look
	newhostkey		pf_key
	pluto			readwriteconf
	rsasigkey		secrets
	setup			showhostkey
	spi			spigrp
	tncfg			verify

See also: man ipsec <command> or ipsec <command> --help
See <https://libreswan.org/> for more general info.
Linux Libreswan 3.15 (netkey) on 3.10.0-327.13.1.el7.x86_64

this is what I have installed related to ipsec:
Installed Packages

Am I perhaps missing something from my OS?
Thanks for any insights.


Jude Oliver
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>


Join Blanchard Systems

2016 Tips and Tricks Training Webinars

Check out the Blanchard Systems 2015 FREE monthly Tips & Tricks training
Click Here <http://www.blanchardsystems.com/events/> to view the schedule
and register for one of our upcoming events.

On 4/26/16, 10:40 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:

>> Still no love here, no private key for my left server?
>Did you configure your private key in ipsec.secrets [1]?
>Once the private key is loaded you should see the following when listing
>your cert:
>>   pubkey:    RSA 2048 bits, has private key
>[1] https://wiki.strongswan.org/projects/strongswan/wiki/RsaSecret

More information about the Users mailing list